Class: AWSCDK::NetworkFirewall::CfnTLSInspectionConfiguration::ServerCertificateConfigurationProperty
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::NetworkFirewall::CfnTLSInspectionConfiguration::ServerCertificateConfigurationProperty
- Defined in:
- network_firewall/cfn_tls_inspection_configuration.rb
Overview
Configures the Certificate Manager certificates and scope that Network Firewall uses to decrypt and re-encrypt traffic using a TLSInspectionConfiguration . You can configure ServerCertificates for inbound SSL/TLS inspection, a CertificateAuthorityArn for outbound SSL/TLS inspection, or both. For information about working with certificates for TLS inspection, see Using SSL/TLS server certficiates with TLS inspection configurations in the AWS Network Firewall Developer Guide .
If a server certificate that's associated with your TLSInspectionConfiguration is revoked, deleted, or expired it can result in client-side TLS errors.
Instance Attribute Summary collapse
-
#certificate_authority_arn ⇒ String?
readonly
The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
-
#check_certificate_revocation_status ⇒ AWSCDK::IResolvable, ...
readonly
When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status.
-
#scopes ⇒ AWSCDK::IResolvable, ...
readonly
A list of scopes.
-
#server_certificates ⇒ AWSCDK::IResolvable, ...
readonly
The list of server certificates to use for inbound SSL/TLS inspection.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(certificate_authority_arn: nil, check_certificate_revocation_status: nil, scopes: nil, server_certificates: nil) ⇒ ServerCertificateConfigurationProperty
constructor
A new instance of ServerCertificateConfigurationProperty.
- #to_jsii ⇒ Object
Constructor Details
#initialize(certificate_authority_arn: nil, check_certificate_revocation_status: nil, scopes: nil, server_certificates: nil) ⇒ ServerCertificateConfigurationProperty
Returns a new instance of ServerCertificateConfigurationProperty.
724 725 726 727 728 729 730 731 732 733 |
# File 'network_firewall/cfn_tls_inspection_configuration.rb', line 724 def initialize(certificate_authority_arn: nil, check_certificate_revocation_status: nil, scopes: nil, server_certificates: nil) @certificate_authority_arn = Jsii::Type.check_type(@certificate_authority_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "certificateAuthorityArn") unless @certificate_authority_arn.nil? @check_certificate_revocation_status = check_certificate_revocation_status.is_a?(Hash) ? ::AWSCDK::NetworkFirewall::CfnTLSInspectionConfiguration::CheckCertificateRevocationStatusProperty.new(**check_certificate_revocation_status.transform_keys(&:to_sym)) : check_certificate_revocation_status Jsii::Type.check_type(@check_certificate_revocation_status, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19uZXR3b3JrZmlyZXdhbGwuQ2ZuVExTSW5zcGVjdGlvbkNvbmZpZ3VyYXRpb24uQ2hlY2tDZXJ0aWZpY2F0ZVJldm9jYXRpb25TdGF0dXNQcm9wZXJ0eSJ9XX19")), "checkCertificateRevocationStatus") unless @check_certificate_revocation_status.nil? @scopes = scopes Jsii::Type.check_type(@scopes, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImNvbGxlY3Rpb24iOnsiZWxlbWVudHR5cGUiOnsidW5pb24iOnsidHlwZXMiOlt7ImZxbiI6ImF3cy1jZGstbGliLklSZXNvbHZhYmxlIn0seyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfbmV0d29ya2ZpcmV3YWxsLkNmblRMU0luc3BlY3Rpb25Db25maWd1cmF0aW9uLlNlcnZlckNlcnRpZmljYXRlU2NvcGVQcm9wZXJ0eSJ9XX19LCJraW5kIjoiYXJyYXkifX1dfX0=")), "scopes") unless @scopes.nil? @server_certificates = server_certificates Jsii::Type.check_type(@server_certificates, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImNvbGxlY3Rpb24iOnsiZWxlbWVudHR5cGUiOnsidW5pb24iOnsidHlwZXMiOlt7ImZxbiI6ImF3cy1jZGstbGliLklSZXNvbHZhYmxlIn0seyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfbmV0d29ya2ZpcmV3YWxsLkNmblRMU0luc3BlY3Rpb25Db25maWd1cmF0aW9uLlNlcnZlckNlcnRpZmljYXRlUHJvcGVydHkifV19fSwia2luZCI6ImFycmF5In19XX19")), "serverCertificates") unless @server_certificates.nil? end |
Instance Attribute Details
#certificate_authority_arn ⇒ String? (readonly)
The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
The following limitations apply:
- You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
- You can't use certificates issued by Private Certificate Authority .
For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with TLS inspection configurations in the AWS Network Firewall Developer Guide .
For information about working with certificates in ACM, see Importing certificates in the Certificate Manager User Guide .
748 749 750 |
# File 'network_firewall/cfn_tls_inspection_configuration.rb', line 748 def @certificate_authority_arn end |
#check_certificate_revocation_status ⇒ AWSCDK::IResolvable, ... (readonly)
When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status.
If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a CertificateAuthorityArn in ServerCertificateConfiguration .
755 756 757 |
# File 'network_firewall/cfn_tls_inspection_configuration.rb', line 755 def check_certificate_revocation_status @check_certificate_revocation_status end |
#scopes ⇒ AWSCDK::IResolvable, ... (readonly)
A list of scopes.
760 761 762 |
# File 'network_firewall/cfn_tls_inspection_configuration.rb', line 760 def scopes @scopes end |
#server_certificates ⇒ AWSCDK::IResolvable, ... (readonly)
The list of server certificates to use for inbound SSL/TLS inspection.
765 766 767 |
# File 'network_firewall/cfn_tls_inspection_configuration.rb', line 765 def server_certificates @server_certificates end |
Class Method Details
.jsii_properties ⇒ Object
767 768 769 770 771 772 773 774 |
# File 'network_firewall/cfn_tls_inspection_configuration.rb', line 767 def self.jsii_properties { :certificate_authority_arn => "certificateAuthorityArn", :check_certificate_revocation_status => "checkCertificateRevocationStatus", :scopes => "scopes", :server_certificates => "serverCertificates", } end |
Instance Method Details
#to_jsii ⇒ Object
776 777 778 779 780 781 782 783 784 785 |
# File 'network_firewall/cfn_tls_inspection_configuration.rb', line 776 def to_jsii result = {} result.merge!({ "certificateAuthorityArn" => @certificate_authority_arn, "checkCertificateRevocationStatus" => @check_certificate_revocation_status, "scopes" => @scopes, "serverCertificates" => @server_certificates, }) result.compact end |